Web app scan report types - difference between the Standard (OWASP) and PCI report

There are 2 formats of web app scan reports in the Cyber Safety Monitoring module:

  • Standard (OWASP)
  • PCI

Both report formats contain the same set of scan results, but provide different context for you and your team.

Standard report (OWASP) presents findings from your web app vulnerability scan correlated to the OWASP Top 10 vulnerabilities, which is helpful for categorize and prioritizing work on any findings based on risk.

PCI report contains a section in the summary page cross-referencing the web app vulnerability findings against a PCI-DSS requirements checklist. For each item in the list, we indicate if the target was tested for that requirement, and if it passed or not.


Note that the column Passed indicates the current compliance status of each requirement. This means that every time you generate a new report you will get the current status of your target, as long as a new scan was completed to ensure that the finding status is updated.


Have more questions? Submit a request